跳到主要內容

簡易檢索 / 詳目顯示

回結果列表
研究生: 林政諭
Cheng-Yu Lin
論文名稱: 應用於遠程證實之資訊隱藏型亂數填充技術
Data-hiding based random padding in remote attestation
指導教授: 顏嵩銘
Sung-Ming Yen
口試委員:
學位類別: 碩士
Master
系所名稱: 資訊電機學院 - 資訊工程學系
Department of Computer Science & Information Engineering
論文出版年: 2018
畢業學年度: 106
語文別: 中文
論文頁數: 77
中文關鍵詞: 無線感測網路遠程證實亂數填充技術硬體安全模組
外文關鍵詞: wireless sensor network, remote attestation, random padding, hardware security module
相關次數: 點閱:5下載:0
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報

    • 由基地台及感測節點所構成的無線感測網路已逐漸普及於我們的日常生活中。其中,於無線感測網路中擔任要角的感測節點在擁有諸多優點的同時,也受到不少限制,如計算能力的限制、記憶體空間限制及能源限制。也因以上限制,導致感測節點常為攻擊者攻擊的首要目標。

      有鑑於此,遠程證實被提出以檢查感測節點是否遭攻擊者入侵。其作法為透過挑戰/回應協定達成。驗證者可藉由遠程證實檢查證實者的記憶體完整性,以達到其目的。在遠程證實中,亂數填充及耗時驗證機制皆必須採用。然而,若耗時驗證機制被使用於一規模較大的無線感測網路時,會因網路延遲而無法發揮其功效。因而有了硬體基礎之遠程證實的誕生。該遠程證實利用鑲嵌於感測節點的防竄改晶片作為一遠端的代理人進行時間的測量,並驗證該主計算平台之完整性,因此挑戰值及回應值應先被預先計算好,並存放於防竄改晶片上。

      本提案將利用資訊隱藏的技術,將原先應儲存於防竄改晶片上的挑戰值及回應值改存放於主計算平台中的亂數填充區塊。藉此減少防竄改晶片的儲存負擔,並同時增加亂數填充區塊的使用率。

    Wireless sensor network (WSN) composed of base station and sensor nodes has been widely applied in our daily lives, such as healthcare monitoring systems. The advantages of sensor nodes are optimized implementation and cost-efficient. However, these sensors have limited resources in computation, memory capacity, and energy. For the reasons given above, these sensors become attractive target for various security risks. A compromised sensor node will result in fake data delivery or private data disclosure. Therefore, a security mechanism used for detecting the trustworthiness of a sensor node is urgently desired.

    Remote attestation scheme, an effective protection mechanism, has been proposed for detecting the trustworthiness of a sensor node. The remote attestation is based on challenge-response protocol. A verifier can verify the trustworthiness of a sensor node by attesting it's integrity of program memory. In remote attestation, both random padding and time-based detection approach are essential. However, in a large-scale WSN, time-based detection approach is susceptible to varying transmission delays. Therefore, many hardware-based remote attestation schemes depending on a tamper-proof chip have been proposed. The tamper-proof chip is employed to act as a remote agent, therefore, it must store challenge-response pairs for verifying the trustworthiness of the sensor node.

    In this thesis, we propose a remote attestation with lightweight tamper-proof chip. With stenography that we applied, the chip does not need to store challenge-response pairs. The challenge-response pairs are randomly stored in platform while only the lightweight tamper-proof chip is aware of the memory locations of these challenge-response pairs.

    1 緒論 1.1 研究動機 2 1.2 本研究主要貢獻 3 2 相關背景 2.1 無線感測網路 6 2.1.1 無線感測網路之通訊架構 7 2.1.2 無線感測網路之記憶體架構 9 2.2 遠程證實概要 10 2.2.1 訊息鑑別碼 10 2.2.2 基本遠程證實模型 11 2.3 遠程證實之輔助機制 15 3 文獻探討與回顧 3.1 軟體基礎之遠程證實 17 3.1.1 回顧Seshardri等人所提出之系統 17 3.1.2 回顧Yang等人所提出之系統 22 3.2 硬體基礎之遠程證實 24 3.2.1 回顧Krauβ等人所提出之系統 26 3.3 現有遠程證實方法之總結 28 4 應用於遠程證實之資訊隱藏型亂數填充技術 4.1 提案方法之概要 31 4.2 亂數填充區域之嵌入探討 33 4.2.1 亂數填充區佈置-雜湊嵌入法 34 4.2.2 雜湊嵌入法之可行性分析 35 4.3 本提案之隨機記憶體走訪函式介紹 37 4.3.1 線性反饋移位暫存器之介紹 38 4.3.2 設計概念 40 4.3.3 MLFSR 設計細節 41 4.4 亂數填充區佈置-MLFSR嵌入法 44 4.5 多記憶體區塊之MLFSR 47 4.6 本提案之檢查碼計算函式介紹 49 4.7 本提案方法之協定 52 4.8 安全性分析 55 4.8.1 重送攻擊之抵禦 55 4.8.2 記憶體複製攻擊及遮罩攻擊之抵禦 56 4.8.3 壓縮攻擊之抵禦 57 4.8.4 預先計算攻擊之抵禦 57 4.8.5 冒名頂替攻擊之抵禦 58 4.8.6 挑戰值及回應值之安全性探討 58 4.8.7 偵測惡意程式碼成功率 59 5 結論 5.1 本論文貢獻 61 5.2 未來研究方向 62 參考文獻 63

    [1] A. Francillon and C. Castelluccia, “Code Injection Attacks on Harvard architecture Devices,” Proceeding of the 15th ACM Conference on Computer and Communications of Security, pp. 15-26, 2008.
    [2] S. Smith, “Handbook of Financial Cryptography and Security,” Chapmand and Hall/CRC, pp.257-278, 2010.
    [3] H. Tan, W. Hu, and S. Jha, “A TPM-enable Remote Attestation Protocol (TRAP) in Wireless Sensor Networks,” Proceeding of the 6th ACM Workshop on Performance Monitoring and Measurement of Heterogeneous Wirekess and Wired Networks, pp. 9-16, 2011.
    [4] T. Zhang, J. Szefer, and R.B. Lee, “Security Verification of Hardware-Enabled Attestation Protocols,” Proceeding of the 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops, pp. 47-54, 2012.
    [5] C. Krauβ, F. Stumpf, and C. Eckert, “Detecting Node Compromise in Hybrid Wireless Sensor Networks Using Attestation Techniques,” Proceedings of the 4th European Conference on Security and Privacy in Ad-hoc and Sensor Networks, pp. 203-217, 2007.
    [6] FIPS 198, “The Keyed-Hash Message Authentication Code (HMAC),” NIST, US Department of Commerce, Washington, D.C., 2002.
    [7] A. Seshadri, A. Perrig, L.V. Doorn and P. Khosla, “SWATT: SoftWare-based ATTestation for Embedded Devices,” proceeding of IEEE Symposium on Security and Privacy, pp. 272-282, 2004.
    [8] A Seshadri, M. Luk, A. Perrig, L.V. Doorn and P. Khosla “SCUBA: Secure Code Update by Attestation in Sensor Networks,” Proceeding of the 5th ACM Workshop on wireless Security, pp. 85-94, 2006.
    [9] A Seshadri, M. Luk, E. Shi, A. Perrig, L.V. Doorn and P. Khosla, “Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems,” Proceeding of the Twentieth ACM Symposium on Operating Systems Principles, pp. 1-16, 2005.
    [10] Y. Yang, X. Wang, S. Zhu and G. Gao, “Distributed Software-based Attestation for Node Compromise Detection in Sensor Networks,” Proceeding of the 26th IEEE Symposium on Reliable Distributed System, pp. 219-230, 2007.
    [11] T. Abuhmed, N. Nyamaa and D. Nyang, “Software-based Remote Code Attestation in Wireless Sensor Network,” Proceeding of the IEEE Conference on Global Telecommunications, pp. 1-8, 2009.
    [12] C. Castelluccia, A. Francillon, D. Perito and C. Soriente, “On the difficulty of Software-based Attestation of Embedded Devices,” Proceeding of the 16th ACM Conference on Computer and Communication Security, pp. 400-409, 2009.
    [13] S. Fluhrer, I. Mantin and A. Shamir, “Weakness in the Key Scheduling Algorithm of RC4,” In 8th Annual Workshop on Selected Areas in Cryptography, pp. 1-24, 2001.
    [14] S. Marti, T.J. Giuli, K. Lai and M. Baker, “Mitigating Routing Misbehavior in Mobile Ad Hoc Networks,” Proceedings of the 6th Annual International
    Conference on Mobile Computing and Networking, pp 255-265, 2000.
    [15] A. Shamir, “How to Share a Secret,” Communication of the ACM, Vol. 22, No.11, pp. 612-613, 1979.
    [16] B. Parno, “The Trusted Platform Module (TPM) and Sealed Storage”Technical Report, 2007.
    [17] D. Schellekens, B. Wyseur and B. Preneel, “Remote Attestation on Legacy Operating System with Trusted Platofrm Modules,” Science of Computer Programming, Vol. 74, Issues 1-2, pp. 13-22, 2008.
    [18] A. Klimov and A. Shamir, “New Cryptographic Primitives Based on Multiword T-function,” Fast Software Encryption Workshop, 2004.
    [19] M. Mitzenmacher and E. Upfal, Probability and Computing: Randomized Algorithm and Probabilistic Analysis, New York: Cambridge University Press,
    pp. 32-34, 2005.
    [20] J. Murray and H. Bradley, The Oxford English Dictionary: Being a Corrected Reissue with an Introduction, Supplement, and Bibliography of a New English Dictionary on Historic Principles, Founded Mainly on the Materials Collected by the Philological Society, Oxford: At the Clarendon Press, 1933.
    [21] E.W. Weisstein, “Primitive Polynomial,” MathWorld – A Wolfram Web Resource. http://mathworld.wolfram.com/PrimitivePolynomial.html
    [22] R.C. Tausworthe, “Random Numbers Generated by Linear Recurrence Modulo Two” Mathematics of Computation, pp. 201-209, 1965.
    [23] B. Rosenberg, Handbook of Financial Cryptography and Security, Chapman and Hall/CRC, pp. 257-274, 2010.

    QR CODE
    :::